Access Control Fundamentals
13. Access Control Techniques
13.1. Rule-Based Access Control
- Rule-based access control uses specific rules that indicate what can and cannot happen between a subject and an object.
- A subject should meet a set of predefined rules before it can access an object.
- It is not necessarily identity based, i.e. it can be applicable to all the users or subjects irrespective of their identities.
- E.g.: Routers and firewall use rules to filter incoming and outgoing packets